santhoshsnair/DamageAssessment_Backend
1
0
Fork 0
forked from MDCPS/DamageAssessment_Backend
Code Pull Requests Activity

implementation of Authentication using JWT. Security applied on all microservices endpoints.

Browse Source
This commit is contained in:
Reginald Cherenfant Jasmin
2023-09-20 00:32:30 -04:00
parent 8d386af40a
commit 77816605d1
75 changed files with 1744 additions and 219 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
DamageAssesmentApi/DamageAssesment.Api.Questions/Controllers/QuestionsController.cs
View File

@ -1,4 +1,5 @@
using DamageAssesment.Api.Questions.Interfaces;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
namespace DamageAssesment.Api.Questions.Controllers
@ -10,16 +11,14 @@ namespace DamageAssesment.Api.Questions.Controllers
public QuestionsController(IQuestionsProvider questionsProvider)
{
this.questionsProvider = questionsProvider;
}
/// <summary>
/// GET request for retrieving questions.
/// </summary>
// get all questions
//get all questions
[Authorize(Roles = "admin,survey,user,report")]
[Route("Questions")]
[Route("Questions/{language:alpha}")]
[HttpGet]
@ -37,6 +36,7 @@ namespace DamageAssesment.Api.Questions.Controllers
/// <summary>
/// GET request for retrieving a question by ID.
/// </summary>
[Authorize(Roles = "admin,survey,user,report")]
[Route("Questions/{id}/{language:alpha}")]
[Route("Questions/{id:int}")]
[HttpGet]
@ -55,6 +55,7 @@ namespace DamageAssesment.Api.Questions.Controllers
/// GET request for retrieving survey questions based on a survey ID.
/// Uri: {Optional language}/GetSurveyQuestions/{surveyId} :Default returns question in all languages
/// </summary>
[Authorize(Roles = "admin,survey,user,report")]
[Route("Questions/BySurvey/{surveyId:int}")]
[Route("Questions/BySurvey/{surveyId:int}/{language:alpha}")]
[HttpGet]
@ -71,6 +72,7 @@ namespace DamageAssesment.Api.Questions.Controllers
/// PUT request for updating a question (multilingual).
/// </summary>
[Authorize(Roles = "admin")]
[HttpPut("Questions")]
public async Task<IActionResult> UpdateQuestion(Models.Question question)
{
@ -92,6 +94,7 @@ namespace DamageAssesment.Api.Questions.Controllers
/// POST request for creating a new question (multilingual).
/// </summary>
[Authorize(Roles = "admin")]
[HttpPost("Questions")]
public async Task<IActionResult> CreateQuestion(Models.Question question)
{
@ -110,6 +113,7 @@ namespace DamageAssesment.Api.Questions.Controllers
/// DELETE request for deleting a question based on ID.
/// </summary>
[Authorize(Roles = "admin")]
[HttpDelete("Questions/{id}")]
public async Task<IActionResult> DeleteQuestion(int id)
{
@ -125,6 +129,7 @@ namespace DamageAssesment.Api.Questions.Controllers
/// GET request for retrieving question categories.
/// </summary>
[Authorize(Roles = "admin,user,report")]
[HttpGet("Questions/Categories")]
[HttpGet("Questions/Categories/{language:alpha}")]
public async Task<IActionResult> GetQuestionCategoriesAsync(string? language)
@ -139,7 +144,7 @@ namespace DamageAssesment.Api.Questions.Controllers
/// <summary>
/// GET request for retrieving a question category by ID.
/// </summary>
[Authorize(Roles = "admin,report")]
[HttpGet("Questions/Categories/{id:int}")]
[HttpGet("Questions/Categories/{id:int}/{language:alpha}")]
public async Task<IActionResult> GetQuestionCategoryAsync(int id,string? language)
@ -156,7 +161,7 @@ namespace DamageAssesment.Api.Questions.Controllers
/// <summary>
/// PUT request for updating a question category.
/// </summary>
[Authorize(Roles = "admin,survey,report")]
[HttpPut("Questions/Categories")]
public async Task<IActionResult> UpdateQuestionCategory(Models.QuestionCategory questionCategory)
{
@ -178,6 +183,7 @@ namespace DamageAssesment.Api.Questions.Controllers
/// POST request for creating a new question category.
/// </summary>
[Authorize(Roles = "admin")]
[HttpPost("Questions/Categories")]
public async Task<IActionResult> CreateQuestionCategory(Models.QuestionCategory questionCategory)
{
@ -196,6 +202,7 @@ namespace DamageAssesment.Api.Questions.Controllers
/// DELETE request for deleting a question category based on ID.
/// </summary>
[Authorize(Roles = "admin")]
[HttpDelete("Questions/Categories/{id}")]
public async Task<IActionResult> DeleteQuestionCategory(int id)
{

2
DamageAssesmentApi/DamageAssesment.Api.Questions/Models/Question.cs
View File

@ -12,7 +12,7 @@
public bool IsRequired { get; set; }
public bool Comment { get; set; }
public bool Key { get; set; }
public int? SurveyId { get; set; }
public int SurveyId { get; set; }
public int CategoryId { get; set; }
}
}

58
DamageAssesmentApi/DamageAssesment.Api.Questions/Program.cs
View File

@ -1,11 +1,33 @@
using DamageAssesment.Api.Questions.Db;
using DamageAssesment.Api.Questions.Interfaces;
using DamageAssesment.Api.Questions.Providers;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.EntityFrameworkCore;
using Microsoft.IdentityModel.Tokens;
using Microsoft.OpenApi.Models;
using System.Reflection;
using System.Text;
var builder = WebApplication.CreateBuilder(args);
// Add services to the container.
var authkey = builder.Configuration.GetValue<string>("JwtSettings:securitykey");
builder.Services.AddAuthentication(item =>
{
item.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
item.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
}).AddJwtBearer(item =>
{
item.RequireHttpsMetadata = true;
item.SaveToken = true;
item.TokenValidationParameters = new TokenValidationParameters()
{
ValidateIssuerSigningKey = true,
IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authkey)),
ValidateIssuer = false,
ValidateAudience = false,
ClockSkew = TimeSpan.Zero
};
});
// Add services to the container.
builder.Services.AddControllers();
@ -17,13 +39,41 @@ builder.Services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies());
builder.Services.AddEndpointsApiExplorer();
//builder.Services.AddSwaggerGen();
builder.Services.AddSwaggerGen(c =>
builder.Services.AddSwaggerGen(options =>
{
// Include XML comments from your assembly
var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
c.IncludeXmlComments(xmlPath);
options.IncludeXmlComments(xmlPath);
OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme()
{
Name = "Bearer",
BearerFormat = "JWT",
Scheme = "bearer",
Description = "Specify the authorization token.",
In = ParameterLocation.Header,
Type = SecuritySchemeType.Http,
};
options.AddSecurityDefinition("jwt_auth", securityDefinition);
// Make sure swagger UI requires a Bearer token specified
OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme()
{
Reference = new OpenApiReference()
{
Id = "jwt_auth",
Type = ReferenceType.SecurityScheme
}
};
OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement()
{
{securityScheme, new string[] { }},
};
options.AddSecurityRequirement(securityRequirements);
});
builder.Services.AddDbContext<QuestionDbContext>(option =>
{
option.UseInMemoryDatabase("Questions");
@ -43,7 +93,7 @@ if (app.Environment.IsDevelopment())
questionProvider.SeedData();
}
}
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();